To: iesg@ietf.org
Cc: dnsop@cafax.se
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 12 Mar 2000 01:22:29 -0000
Sender: owner-dnsop@cafax.se
Subject: Re: Last Call: Root Name Server Operational Requirements to BCP

Scott Bradner has asked me to propose specific changes to opreq. Here's possible text for the security section:

   3.4 The computers that publish a server's address MUST be secured as carefully as the server itself.

   3.4.1 If, for example, clients use an NS record that points to the server f.root-servers.net, then the computers that control the zone root-servers.net have the power to direct those clients to the IP address of a fake server. Those computers MUST be secured as carefully as the real server.

   3.4.2 This rule applies recursively. If the address of a server is published by one computer, whose address in turn is published by another computer, then this last computer MUST be secured too; and so on.

   3.4.3 Administrators are encouraged to avoid this situation. One good way to avoid NS dependencies is to make each NS record point to a name in the (child) zone that contains the NS record. Note that this strategy will assign several names to one IP address when one server handles several zones.

Does anyone know why root-servers.net and gtld-servers.net weren't kept within the .net zone in the first place?

---Dan
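
The recursive rule in the proposed 3.4.2, and the in-zone naming of 3.4.3, worked through as an added example that is not part of the original message: it walks NS names to the zones that publish their addresses and returns every zone whose servers would have to be secured. The zone names, the `ZONE_NS` table and the function names are constructed for illustration, and the delegation chain down from the root is left out.

```python
# Constructed delegation data (hypothetical names): zone -> names in its NS records.
ZONE_NS = {
    "shop.example.": ["ns1.hosting.test."],
    "hosting.test.": ["ns.provider.test.", "ns2.hosting.test."],
    "provider.test.": ["ns.provider.test."],
    # 3.4.3 style: every NS name lives inside the zone it serves.
    "safe.example.": ["a.ns.safe.example.", "b.ns.safe.example."],
    # Points at a name whose zone is not in the table.
    "odd.example.": ["ns.elsewhere.invalid."],
}


def enclosing_zone(name, zone_ns):
    """Return the most specific known zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zone_ns:
            return candidate
    return None


def must_secure(zone, zone_ns):
    """Apply 3.4.2: return (zones, unknown_ns_names) that zone depends on.

    zones includes the starting zone; unknown_ns_names are NS targets whose
    publishing zone is missing from zone_ns and so cannot be audited.
    """
    seen, unknown, todo = set(), set(), [zone.lower()]
    while todo:
        current = todo.pop()
        if current in seen:
            continue  # dependency loops are normal; visit each zone once
        seen.add(current)
        for ns_name in zone_ns.get(current, []):
            publisher = enclosing_zone(ns_name, zone_ns)
            if publisher is None:
                unknown.add(ns_name.lower())
            else:
                todo.append(publisher)
    return seen, unknown


if __name__ == "__main__":
    for z in ("shop.example.", "safe.example.", "odd.example."):
        zones, unknown = must_secure(z, ZONE_NS)
        print(z, "->", sorted(zones - {z}), "unknown:", sorted(unknown))
```
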